2026-03-31 · cloudflare
Cloudflare announced that its advanced Client-Side Security tools are now open to self-serve customers, alongside complimentary domain-based threat intelligence for the free bundle. The company says its new detection system combines graph neural networks and LLMs to catch malicious JavaScript while cutting false positives dramatically. The post highlights a real security problem: browser-side attacks can steal data without breaking site functionality. Cloudflare is positioning AI-assisted detection as a practical defense against supply-chain abuse, skimming attacks, and malicious scripts that hide in front-end code.
Cloudflare made Client-Side Security Advanced self-serve and expanded free domain-based intelligence to all users. The system uses a cascading model where a graph neural network handles first-pass detection and an LLM assists triage on suspicious scripts. Cloudflare says the combination helps detect sophisticated malicious JavaScript while reducing false positives by up to 200x.
Client-side attacks are especially dangerous because checkout flows and page loads can continue to work even while data is being stolen. That means a breach can go unnoticed while credentials, payment details, or session data are siphoned off in the browser. The cost of missing one malicious script can be enormous because the attack often hits production traffic directly.
Cold storage protects the post-incident recovery layer by ensuring clean backups exist outside the compromised web stack. If front-end or vendor-managed code is tampered with, offline archives let teams rebuild from a trusted state instead of guessing which files were altered. Cloudflare’s announcement is a reminder that detection is only half the story; survivable recovery still depends on isolated backups.
Read Original Post →